Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/wUlQI64QroP6nPNR9JTVb0lxmsE.roa
File:                     wUlQI64QroP6nPNR9JTVb0lxmsE.roa (raw, json)
Hash identifier:          qeY85MR6FRZ7MKXMhMZo44pVMKjdWTCSHPrHVWRpYhU=
Subject key identifier:   C1:49:50:23:AE:10:AE:83:FA:9C:F3:51:F4:94:D5:6F:49:71:9A:C1
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197091B052A117DB5F6370ECEE5DBB8B095
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/wUlQI64QroP6nPNR9JTVb0lxmsE.roa
Signing time:             Sun 25 May 2025 20:20:55 +0000
ROA not before:           Sun 25 May 2025 20:20:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206413
IP address blocks:        2a13:b9c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:1b:05:2a:11:7d:b5:f6:37:0e:ce:e5:db:b8:b0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 25 20:20:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1495023ae10ae83fa9cf351f494d56f49719ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:52:77:52:0d:fa:a4:a9:74:5a:63:94:78:8f:
                    0e:66:89:46:85:b1:49:33:49:69:42:e6:71:0d:80:
                    40:82:cf:66:53:7a:4e:35:07:8f:70:39:04:5a:cd:
                    87:78:c9:c3:f2:37:dd:f1:14:45:70:74:65:d1:5b:
                    50:33:04:14:ed:ed:3c:aa:db:7d:9c:59:40:3e:74:
                    48:59:ea:1d:87:cd:d3:e3:9d:23:e8:9c:cf:da:fe:
                    18:6a:0f:75:ce:e1:25:4d:a0:41:99:ea:3f:a8:14:
                    f0:e5:15:fb:83:bd:2f:28:4e:8e:56:fa:d2:48:a6:
                    12:ac:02:85:96:92:10:87:82:1f:82:3d:bf:1a:df:
                    e8:45:3f:a0:3f:10:81:6c:4f:29:d4:c2:06:6e:a7:
                    e3:65:ac:cf:1c:52:80:67:54:89:e6:94:ed:71:47:
                    7b:d6:8a:fc:85:78:5d:ba:f4:b6:d6:9a:a0:67:ea:
                    72:89:1a:d9:a3:a0:6e:1e:cc:56:20:45:6d:6c:60:
                    e9:d8:da:e4:3e:70:2c:e3:34:6b:79:bd:65:cf:06:
                    02:1f:d2:c1:ab:73:57:4f:bc:e2:ed:31:3b:2f:45:
                    f3:5d:f0:43:53:4f:56:9c:b0:92:81:73:c3:72:ad:
                    af:63:65:cb:af:e6:89:ea:dd:83:f6:0d:c9:19:fc:
                    52:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:49:50:23:AE:10:AE:83:FA:9C:F3:51:F4:94:D5:6F:49:71:9A:C1
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/wUlQI64QroP6nPNR9JTVb0lxmsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b9c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:a7:6f:81:96:ee:01:35:71:48:db:0c:e2:33:5d:f0:82:ba:
         de:19:16:4b:84:6e:c8:b4:ed:b7:c0:fb:39:88:f8:ff:4e:51:
         fd:c2:13:5a:46:ad:e8:72:ff:39:23:4d:86:1a:2f:ba:70:ca:
         f0:d7:f1:93:cf:93:c3:6b:0a:37:16:87:b8:d6:1c:80:92:17:
         58:06:ff:64:29:95:80:8b:64:70:5f:26:04:98:a8:dd:b5:e0:
         45:03:53:ba:60:12:fd:dd:84:97:42:31:db:06:d4:63:cf:84:
         ba:42:33:40:3a:53:92:da:ed:83:42:09:2b:55:5b:4c:7a:49:
         0f:cf:15:a8:da:a0:3e:b2:76:42:e8:c8:a9:44:fe:87:ff:cf:
         8b:47:9d:f4:31:86:e9:1c:a1:4c:5b:85:8d:d7:99:49:bf:a5:
         cb:92:5f:ca:1a:51:c0:68:29:5c:24:8b:40:ab:96:cb:26:bf:
         1f:82:a0:62:d3:a4:31:24:0a:31:88:26:ce:cd:2b:94:2f:79:
         f5:42:ca:09:b1:10:13:19:d6:c8:b3:4f:b0:1d:40:11:32:a7:
         e5:43:d2:e6:32:b6:5f:33:79:17:22:9d:b2:12:29:f7:db:9f:
         6d:bd:e3:d9:2b:a6:19:e1:3d:69:94:67:b1:ea:e0:6f:fb:b3:
         f4:2b:37:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJGwUqEX219jcOzuXbuLCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI1MjAyMDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ5NTAyM2FlMTBhZTgzZmE5Y2YzNTFmNDk0ZDU2ZjQ5NzE5YWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlJ3Ug36pKl0WmOUeI8OZolGhbFJ
M0lpQuZxDYBAgs9mU3pONQePcDkEWs2HeMnD8jfd8RRFcHRl0VtQMwQU7e08qtt9
nFlAPnRIWeodh83T450j6JzP2v4Yag91zuElTaBBmeo/qBTw5RX7g70vKE6OVvrS
SKYSrAKFlpIQh4Ifgj2/Gt/oRT+gPxCBbE8p1MIGbqfjZazPHFKAZ1SJ5pTtcUd7
1or8hXhduvS21pqgZ+pyiRrZo6BuHsxWIEVtbGDp2NrkPnAs4zRreb1lzwYCH9LB
q3NXT7zi7TE7L0XzXfBDU09WnLCSgXPDcq2vY2XLr+aJ6t2D9g3JGfxSuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMFJUCOuEK6D+pzzUfSU1W9JcZrBMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvd1VsUUk2NFFyb1A2blBOUjlKVFZiMGx4bXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO5wjAN
BgkqhkiG9w0BAQsFAAOCAQEAaKdvgZbuATVxSNsM4jNd8IK63hkWS4RuyLTtt8D7
OYj4/05R/cITWkat6HL/OSNNhhovunDK8Nfxk8+Tw2sKNxaHuNYcgJIXWAb/ZCmV
gItkcF8mBJio3bXgRQNTumAS/d2El0Ix2wbUY8+EukIzQDpTktrtg0IJK1VbTHpJ
D88VqNqgPrJ2QujIqUT+h//Pi0ed9DGG6RyhTFuFjdeZSb+ly5JfyhpRwGgpXCSL
QKuWyya/H4KgYtOkMSQKMYgmzs0rlC959ULKCbEQExnWyLNPsB1AETKn5UPS5jK2
XzN5FyKdshIp99ufbb3j2SumGeE9aZRnsergb/uz9Cs3gg==
-----END CERTIFICATE-----